Lucene search

K
SitrackerSupport Incident Tracker3.51

7 matches found

CVE
CVE
added 2012/01/29 11:55 a.m.45 views

CVE-2011-5074

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_...

6.8CVSS7.4AI score0.00158EPSS
CVE
CVE
added 2012/05/27 7:55 p.m.37 views

CVE-2012-2235

Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message.

4.3CVSS6AI score0.00225EPSS
CVE
CVE
added 2012/01/29 4:4 a.m.34 views

CVE-2011-5071

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) sear...

7.5CVSS8.7AI score0.00455EPSS
CVE
CVE
added 2012/01/29 11:55 a.m.33 views

CVE-2011-5072

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) un...

7.5CVSS8.7AI score0.00198EPSS
CVE
CVE
added 2012/01/29 11:55 a.m.32 views

CVE-2011-4337

Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.

7.5CVSS7.5AI score0.0329EPSS
CVE
CVE
added 2012/01/29 11:55 a.m.32 views

CVE-2011-5073

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_ba...

4.3CVSS5.8AI score0.00349EPSS
CVE
CVE
added 2012/01/29 11:55 a.m.31 views

CVE-2011-5075

translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.

5CVSS6.3AI score0.10725EPSS